The Gately Report: Arctic Wolf Sees Strong Partner Community Growth

Channel Futures: How will partners benefit from the managed security awareness?

Will Briggs: Our managed security awareness offering is delivered via email and you can watch it on any device, a laptop, a tablet or a phone. They're bite-sized videos to improve security posture and security management with an organization's employees. We saw a tremendous amount of growth in partners that had managed security awareness prior, so this is more pipeline together and more closed business together. What's cool about this is the partner reps get the look and feel of it, they get to see it and ingest it, and then it just helps us sell better together.

CF: Arctic Wolf also has launched a new partner portal. How is that helping partners?

WB: It launched May 1, and what's cool about this is our previous partner portal was really focused around that initial sale and the net-new sale. So any partner could see their net-new opportunities with us, but it lacked customer management and joint customer management, and life cycle management together. So the new portal will provide visibility into our joint customers together and they will be able to see joint customers, our renewal dates, any upsell, cross-sell and renewal opportunities, and who the customer success rep is for their accounts, so really taking that next step in the journey together to retain and grow our customers.

CF: Did these partner program enhancements result from partner feedback?

WB: We aim to have a best-in-class partner program. We wanted to continue to go up and to the right. Not only do we want to be the leader in security operations, but we need to continue to always improve and refine our program. Most of the time when we do make adjustments, it comes from our partner community. So there are a few different avenues where we get feedback from our partner community.

One, we have a partner advisory council that's pretty standard to any other partners, so that's a feedback channel for us. We also have focus groups where we will pick select partners and run ideas by them to gain insight, and their feedback and thoughts, not only on the program side, but also product-related things. So there are multiple channels where we get feedback, even in our Arctic Wolf Partner Jam for our kickoff. The platform allowed us to ask questions during the webinar and it provided a lot of great data points back to us on how we can continue to not only improve our product and our offering, but our program as well.

CF: Arctic Wolf recently unveiled new Security Operations Bundles. Will those create new opportunities for partners? If so, how?

WB: It's pricing and packaging, and bundles are to help us go faster with our partner community. In the bundling model, there are nine different configurations you can have with pricing and packaging. It starts with picking the solution that is right for you. And in that solution, it's either Security Operations Core, Security Operations Plus or Security Operations Total.

At a high level, Core is our bread-and-butter product, managed detection and response (MDR). And then as you move down, additional modules get added, as well as a beefier security operations warranty. And the farther you go, the more that you have the opportunity to mitigate risk and transfer risk through the models. But it allows the customer to pick the right model for them.

And then the second piece of it is the concierge tiering, us delivering the service, us working with the customer to provide security and business outcomes. Do you want silver, gold or platinum? And what comes with silver is a named security engineer, 24/7 security operations center (SOC) support, escalation follow-up and then proactive touch points. And then as you go down the stack to gold or platinum, it just becomes beefier. What this will help us do is simplify our quote-to-cash process with our partner community. It is easier to understand and digest, and enable on, and it will make us go faster with our joint customers and prospects.

CF: Also, Arctic Wolf has added identity threat detection and response (ITDR) to its MDR. How will this benefit partners?

WB: That's a cool one, too. ITDR is really moving toward the identity spectrum and us having integrations with some key vendors to help us ingest and protect, and detect faster. So if you think of vendors like Okta or Duo, we will have better, faster integrations with them.

CF: There’s no hotter topic than AI in cybersecurity. What’s the latest in terms of Arctic Wolf making use of AI to provide stronger cybersecurity?

WB: AI is definitely a busy word in the space today and Arctic Wolf has been doing AI for quite some time. We have a lot of efforts under way with AI, whether that's from case workflow, to creation and refining of our curated queries that we do. We do cross-attack surface detections, threat intelligence, enrichment of tickets, predicting next steps and follow-up actions, automated contacts and digital concierge. Thess are all things that we've done before and we will continue to do. And AI is only going to make that bigger, greater, grander and make us go faster.

Why AI will help us continue to win? It helps us with our security operations platform, unifying cybersecurity across all attack surfaces, and working together with other vendors to provide the security and business outcomes. AI layered in with our concierge delivery model will make our security work faster and better for the customer. And then also having AI-type initiatives for our security journey, making sure the customer continues to go on the journey up and to the right, and continues to harden their security environment and practice.

CF: Is the evolving threat landscape shaping Arctic Wolf’s channel, business and product strategies? If so, how?

WB: The threat landscape is always evolving. And what is nice is the fact that we have north of 5,000 customers, so we get to see it in all shapes and angles, and from every different direction. When one customer has it, most likely another customer has it and it allows us with our security operations platform and our technology to be on the leading edge of what we're seeing, and then being able to take that in, ingest it, and make appropriate actions and calls to the entire customer base. So that's a big difference with working with a best-in-class vendor like us, the Arctic Wolf security operations platform, versus you trying to do it yourself and you being the only one in that swim tank per se.

CF: What do you find most surprising and disturbing about the current threat landscape? Has that changed in the past several months?

WB: It's always changing. The people or the person is always the biggest threat, whether that being clicking on the wrong link, etc. It always starts with the people. So if we continue to invest in and spend time enabling our community on security awareness and security training, and being vigilant out there to make sure to double check everything, I think that needs to continue to happen.

CF: What can partners expect from Arctic Wolf in the months ahead?

WB: The feedback from our partner community has been great. We have a net promoter score of 70 and we want that to continue to grow. We just kicked off Partner Jam here where we released a lot of beefy announcements that we’re excited to see and work through our partner community, and eventually to our end users.

Cybersecurity Awareness Month will be big for us. That’s in October. We always go big with it, and we have a bunch of events not only for our prospects and customers, but our partner community. Then we'll just be looking forward to closing out the year. I would expect we'll see a few different, new solutions with Arctic Wolf and new integrations. Our product and R&D teams will continue to grow and evolve, and create new benefits and features that we provide back to our customers.

The other thing that we’re proud of is the IDC Marketscape for Worldwide MDR Services. Arctic Wolf is seen as a leader in the top right corner A quote from IDC reads, "Taking a vendor and technology neutral approach, Arctic Wolf's customers have the flexibility to swap out tools and technologies (and therefore vendors), as well as preventing vendor lock-in without sacrificing their security efficacy." That just provides validation to our partner community, and ultimately to our customers and prospects.

In other cybersecurity news …

TeamViewer, which provides a connectivity platform to remotely access, control, manage, monitor and repair devices, last week confirmed that its IT environment was breached by Midnight Blizzard, the Russian nation-state hacking group that has repeatedly attacked Microsoft and others.

TeamViewer released the following statement:

“Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our corporate IT environment. Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29/Midnight Blizzard. Based on current findings of the investigation, the attack was contained within the corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data. Following best-practice architecture, we have a strong segregation of the corporate IT, the production environment and the TeamViewer connectivity platform in place. This means we keep all servers, network and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our ‘defense in-depth’ approach.”

According to TeamViewer's latest update, the threat actor leveraged a compromised employee account to copy employee directory data, i.e. names, corporate contact information and encrypted employee passwords for its internal corporate IT environment. It has informed its employees and the relevant authorities. It also reconfirmed the threat actor didn't touch its separated product environment, nor the TeamViewer connectivity platform, nor any customer data.

Roger Grimes, data-driven defense evangelist at KnowBe4, said it will be crucial to hear how long TeamViewer was compromised and what was compromised.

KnowBe4's Roger Grimes

“Because TeamViewer is used by so many customers to remotely view and control their computers, it will be critical to understand if any customers were interfered with,” he said. “It's good we are hearing about the attack quickly. I look forward to the future details."

Midnight Blizzard is a well-known, fairly sophisticated Russian advanced persistent threat (APT) group that has been involved in some of the previous, most well-planned, sophisticated attacks, against large targets, such as Microsoft, the DNC and many foreign country governments, Grimes said.

“It's been around at least since 2008 and most people believe it is an arm of the Russian intelligence services,” he said.

CDK Global is continuing its restoration effort after two cyberattacks on the company over a week ago impacted over 15,000 auto dealerships across North America.

The dealerships use CDK Global’s dealer management software to run their businesses, including vehicle sales. Its software handles everything from records to scheduling.

CDK Global sent us its latest statement:

“We are continuing our phased approach to the restoration process and are rapidly bringing dealers live on the Dealer Management System (DMS). We anticipate all dealers connections will be live by late Wednesday, July 3, or early morning Thursday, July 4. Our customer care channels have also been restored and customers can call, chat or submit eCases if they need assistance. We are also actively working on bringing other applications live, including our Customer Relationship Management (CRM), One-Eighty and Service solutions.”

John Bambenek, president of Bambenek Consulting, said it appears a group derived ultimately from Conti named BlackSuit is behind these attacks. While they are less prolific, they tend to go deeper and are very effective.

Bambenek Consulting's John Bambenek

“The core impact of the breach means the cloud systems dealers rely on not just for car sales, but for maintenance are down,” he said. “Dealers that could handle a transition back to paper have mitigated the harm somewhat. For maintenance, specifically, if the dealers can’t perform work, they’ll go somewhere else because people can’t be without cars. They may wait to buy a new vehicle for a period of time, but maintenance typically cannot wait. This will be a boon to those companies that aren’t tied to CDK systems, and ultimately the lost revenue and lawsuits that will result will be a big impact to CDK. Smaller dealerships and shops who aren’t flush with cash face significant risks as the holiday week is usually a good time to buy cars.”

CDK Global is continuing its restoration effort after two cyberattacks on the company over a week ago impacted over 15,000 auto dealerships across North America.

The dealerships use CDK Global’s dealer management software to run their businesses, including vehicle sales. Its software handles everything from records to scheduling.

CDK Global sent us its latest statement:

“We are continuing our phased approach to the restoration process and are rapidly bringing dealers live on the Dealer Management System (DMS). We anticipate all dealers connections will be live by late Wednesday, July 3, or early morning Thursday, July 4. Our customer care channels have also been restored and customers can call, chat or submit eCases if they need assistance. We are also actively working on bringing other applications live, including our Customer Relationship Management (CRM), One-Eighty and Service solutions.”

John Bambenek, president of Bambenek Consulting, said it appears a group derived ultimately from Conti named BlackSuit is behind these attacks. While they are less prolific, they tend to go deeper and are very effective.

Bambenek Consulting's John Bambenek

“The core impact of the breach means the cloud systems dealers rely on not just for car sales, but for maintenance are down,” he said. “Dealers that could handle a transition back to paper have mitigated the harm somewhat. For maintenance, specifically, if the dealers can’t perform work, they’ll go somewhere else because people can’t be without cars. They may wait to buy a new vehicle for a period of time, but maintenance typically cannot wait. This will be a boon to those companies that aren’t tied to CDK systems, and ultimately the lost revenue and lawsuits that will result will be a big impact to CDK. Smaller dealerships and shops who aren’t flush with cash face significant risks as the holiday week is usually a good time to buy cars.”